It has been said before that the key attribute of any organisation is the people who run it. Too often this is said as lip-service - as a way for senior personnel to imply that they are thinking of the little people.
The tragedy is that it is true. Think about it: if you took all the people out of the office building, and then asked the building, phones, computers and printers to run the business - do you think your profits would go up or down? Without the people, you have no business.
So it is with data security systems.
Short-cuts in this field will lead to a suboptimal system run by disinterested personnel, overseen by uncaring management and, as a result, will not provide the security being sought.
So how to you ensure you get the best from each person on an individual basis? Easy - appeal to them on an individualised basis.
Make sure that you make it clear what the specific benefits are to that specific individual. (No, you cannot do this on a generic level - that is the point!)
We are all motivated by things we want and like. While we can be persuaded to avoid things we dislike, they don't get the sort of attention we give to things we like. Thus ‘Personal Benefits and Advantages’ of operating the systems will beat ‘Corporate Benefits and Advantages’ . As for ‘Punishments and Disadvantages’ of any type, they just turn people away in disgust if they are intended to motivate. Yes, make it clear that anyone breaching organisational rules will be punished - they expect that - but driving an organisation by a punishment regime will not be as well received as one driven by a rewards culture.
These ‘Personal Benefits and Advantages’ must be tailored to each individual to get the optimal uptake.
This is one of a series of blogs on how to optimise your Data Security Controls by focusing on individual interests:
|1) Introduction: Introduction to string of blogs on how to encourage individuals to take data security seriously and apply it with enthusiasm|
|2) Staff Benefits: How do you appeal to individuals to encourage them to adopt and develop the data security system requirements with enthusiasm.|
|3) Business Benefits: The Business benefits of getting good data security controls - as a contrast to the benefits accruing to the individuals involved.|
|4) Salary Impact: Some people may be influenced by money and be encouraged to learn more if this is reflected in the reward structure.|
|5) Work Reduction: Some individuals react to the idea that they will have less work to do if they set things up well in the first place - it certainly is true for data security.|
|6) Bonus Payments: Where money is a key driver, but a change in salary is not possible, maybe a bonus system can be used instead to enthuse people into learning more about data security.|
|7) Tailored Training: Some people react well to being offered additional or specialised training - possibly with additional side benefits - whatever it may take to enthuse them to absorb data security awareness.|
|8) Choice of Equipment: Some people may choose to improve their working environment and this can be a method to enthuse people about data security too.|
|9) Holidays: Some people enjoy time off - and the ability to earn some spare hours may be sufficient to enthuse people about data security enough to earn them.|
|10) Moral Compass: Some people are driven more by their moral compass than whether they are paid more money or have time off. These are key people in your organisation as they will help steer the straight and narrow path.|
Your feedback and contributions would be welcome to help to hone these ideas for all to benefit from - please contact us via the https://securebusinessdata.co.uk/contact or call us on 0345 600 6975.